Arqit SKA-Platform 26.03 Keycloak Idle Timeout Bypass
CVE-2026-33585 Published on May 13, 2026

Arqit SKA-Platform Improper Handling of Parameters Vulnerability
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03.

NVD

Vulnerability Analysis

CVE-2026-33585 can be exploited with physical access and requires user interaction. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low, with a small impact on confidentiality, integrity, and availability.

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

Weakness Type

Improper Handling of Parameters

The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.


Affected Versions

Arqit Symmetric Key Agreement Platform: